Data Protection Incidents and Fines: Lessons Learned

 
Data Protection
Scenarios
 
Moving Data
 
You have a list of subscribers’ information that you need to move to another
computer in the office:
You’ve decided to use a USB device to do this
When you’re finished you put the USB device in your pocket
 
 
What’s wrong with this scenario?
 
North East Lincolnshire Council was fined £80,000 after a serious data
breach in which sensitive information about hundreds of children with special
educational needs was lost.
The information was stored on an unencrypted memory stick and
went missing.
Confidential Destruction
 
You have a large bag of confidential material, finance papers, etc…
You are trying to save on your budget and decide to put these files into the
normal recycle bag
You then take this to the local ‘on-street’ recycling collection point
You find out later that some former employees’ pension records have been posted
online
 
In 2012 Scottish Borders Council were fined £250,000
when these records were found in a supermarket
car park
Sending Personal Data by email
 
You have a list of personal & sensitive data of your best
donors and how much they have donated to your
cause, but they have requested anonymity
You need to send the list to the Finance Officer
But you forget you were also in the process of sending out
a circular to everyone on your mailing list
You hit send and the personal sensitive data has been sent
to everyone on the mailing list
 
Discuss
Surrey County Council was fined £120,000 after three data
breaches, involving misdirected emails.
 
Mobile device
 
You use your phone to pick up email
It’s not password protected
You don’t use the Outlook app (which is recommended by BCOS)
Your phone is stolen
 
 
What can we do to be safe?
Mobile Device (2)
 
You need to take your laptop to a conference to do a presentation
It has the database of all the people going on a Pilgrimage to Lourdes in a few
weeks with all their medical data, but you need to work on this when you’re on
the move
You leave your laptop on the train
 
    
Discuss
 
Glasgow City Council was fined £150,000  for
the loss of two unencrypted laptops
Mobile Device (3)
 
You have contacts on your smartphone
You pair this with your car’s Bluetooth handsfree
You put your car in for service.
 Who has access to the contacts?
 
 
Discuss
 
In our own case the contacts are downloaded from the phone each time we
connect and are not accessible from the car handsfree without the phone
being present. In other makes/models of car the contacts are stored in the
handsfree unit, so would be accessible to a service mechanic.
 
 
Theft of Data
 
You are a Voluntary Youth Centre and have vulnerable young people
passing through.  You have 3 desktop computers, one of which you use to
share information with the local council and with other social services.
Nothing has been deleted from the PC in over 5 years.
It is password protected with “XYZ123”, which is also written on a post-it note
inside the desk drawer.   It’s never been changed.
The Centre is broken into and the desktops are all stolen
 
    Identify and discuss any Data Protection issues
 
Theft of Data (2)
 
Organisational and Technical Security of Personal data
Retention of Personal data – Keeping data longer than needed
Data Sharing  - there was no agreement in place between the
Council and the Centre
Password – Keep it safe in your head
Lack of Technical Security -  there is no obligation to encrypt
desktop computers, but it helps
Training of staff

Learn from real-life data protection scenarios that led to fines and breaches, such as improper data handling with USB devices, confidential files ending up in public recycling, misdirected emails of sensitive data, and unsecured mobile devices leading to theft. Understand the consequences and best practices to prevent such incidents in handling personal and sensitive data.

  • Data protection
  • Incidents
  • Fines
  • Lessons learned
  • Prevention

Uploaded on Jul 31, 2024 | 0 Views

